Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2016-0658-1.NASL
HistoryMar 07, 2016 - 12:00 a.m.

SUSE SLES10 Security Update : Xen (SUSE-SU-2016:0658-1)

2016-03-0700:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

0.036 Low

EPSS

Percentile

91.7%

JSON

Xen was updated to fix the following vulnerabilities :

CVE-2014-0222: Qcow1 L2 table size integer overflows (bsc#877642)

CVE-2015-4037: Insecure temporary file use in /net/slirp.c (bsc#932267)

CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463)

CVE-2015-7504: Heap buffer overflow vulnerability in pcnet emulator (XSA-162, bsc#956411)

CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (XSA-152, bsc#950706)

CVE-2015-8104: Guest to host DoS by triggering an infinite loop in microcode via #DB exception (bsc#954405)

CVE-2015-5307: Guest to host DOS by intercepting #AC (XSA-156, bsc#953527)

CVE-2015-8339: XENMEM_exchange error handling issues (XSA-159, bsc#956408)

CVE-2015-8340: XENMEM_exchange error handling issues (XSA-159, bsc#956408)

CVE-2015-7512: Buffer overflow in pcnet’s non-loopback mode (bsc#962360)

CVE-2015-8550: Paravirtualized drivers incautious about shared memory contents (XSA-155, bsc#957988)

CVE-2015-8504: Avoid floating point exception in vnc support (bsc#958493)

CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization (XSA-165, bsc#958009)

Ioreq handling possibly susceptible to multiple read issue (XSA-166, bsc#958523)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:0658-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(89723);
  script_version("2.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2014-0222", "CVE-2015-4037", "CVE-2015-5239", "CVE-2015-5307", "CVE-2015-7504", "CVE-2015-7512", "CVE-2015-7971", "CVE-2015-8104", "CVE-2015-8339", "CVE-2015-8340", "CVE-2015-8504", "CVE-2015-8550", "CVE-2015-8555");
  script_bugtraq_id(67357, 74809);

  script_name(english:"SUSE SLES10 Security Update : Xen (SUSE-SU-2016:0658-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Xen was updated to fix the following vulnerabilities :

CVE-2014-0222: Qcow1 L2 table size integer overflows (bsc#877642)

CVE-2015-4037: Insecure temporary file use in /net/slirp.c
(bsc#932267)

CVE-2015-5239: Integer overflow in vnc_client_read() and
protocol_client_msg() (bsc#944463)

CVE-2015-7504: Heap buffer overflow vulnerability in pcnet emulator
(XSA-162, bsc#956411)

CVE-2015-7971: Some pmu and profiling hypercalls log without rate
limiting (XSA-152, bsc#950706)

CVE-2015-8104: Guest to host DoS by triggering an infinite loop in
microcode via #DB exception (bsc#954405)

CVE-2015-5307: Guest to host DOS by intercepting #AC (XSA-156,
bsc#953527)

CVE-2015-8339: XENMEM_exchange error handling issues (XSA-159,
bsc#956408)

CVE-2015-8340: XENMEM_exchange error handling issues (XSA-159,
bsc#956408)

CVE-2015-7512: Buffer overflow in pcnet's non-loopback mode
(bsc#962360)

CVE-2015-8550: Paravirtualized drivers incautious about shared memory
contents (XSA-155, bsc#957988)

CVE-2015-8504: Avoid floating point exception in vnc support
(bsc#958493)

CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization
(XSA-165, bsc#958009)

Ioreq handling possibly susceptible to multiple read issue (XSA-166,
bsc#958523)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=877642"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=932267"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=944463"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=950706"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=953527"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=954405"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=956408"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=956411"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=957988"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=958009"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=958493"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=958523"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=962360"
  );
  # https://download.suse.com/patch/finder/?keywords=085198b0d3665c1af17df9c5dcb0be80
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2274b2c7"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-0222/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-4037/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-5239/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-5307/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-7504/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-7512/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-7971/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-8104/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-8339/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-8340/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-8504/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-8550/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-8555/"
  );
  # https://www.suse.com/support/update/announcement/2016/suse-su-20160658-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4d34111f"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected Xen packages");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-ps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-bigsmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-kdump");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-kdumppae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-vmi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-vmipae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-ioemu");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/07");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
if (cpu >!< "i386|i486|i586|i686|x86_64") audit(AUDIT_ARCH_NOT, "i386 / i486 / i586 / i686 / x86_64", cpu);


sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES10" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP4", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-devel-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-doc-html-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-doc-pdf-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-doc-ps-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-libs-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-tools-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-tools-domU-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-tools-ioemu-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-libs-32bit-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-devel-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-doc-html-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-doc-pdf-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-doc-ps-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-libs-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-tools-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-tools-domU-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-tools-ioemu-3.2.3_17040_46-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen");
}
VendorProductVersionCPE
novellsuse_linuxxen-doc-psp-cpe:/a:novell:suse_linux:xen-doc-ps
novellsuse_linuxxen-doc-pdfp-cpe:/a:novell:suse_linux:xen-doc-pdf
novellsuse_linuxxen-kmp-vmipaep-cpe:/a:novell:suse_linux:xen-kmp-vmipae
novellsuse_linuxxen-toolsp-cpe:/a:novell:suse_linux:xen-tools
novellsuse_linuxxen-kmp-bigsmpp-cpe:/a:novell:suse_linux:xen-kmp-bigsmp
novellsuse_linuxxen-tools-ioemup-cpe:/a:novell:suse_linux:xen-tools-ioemu
novellsuse_linuxxen-kmp-defaultp-cpe:/a:novell:suse_linux:xen-kmp-default
novellsuse_linuxxen-kmp-vmip-cpe:/a:novell:suse_linux:xen-kmp-vmi
novellsuse_linuxxen-kmp-debugp-cpe:/a:novell:suse_linux:xen-kmp-debug
novellsuse_linuxxen-tools-domup-cpe:/a:novell:suse_linux:xen-tools-domu
Rows per page:
1-10 of 181

References

Related

openvas 38
suse 9
fedora 11
nessus 62
freebsd 4
veracode 2
xen 4
centos 3
oraclelinux 4
redhat 9
debian 4
osv 1
mageia 1
f5 2
ubuntu 4
prion 5
ibm 1
cvelist 5
nvd 7
cve 7
ubuntucve 6
cbl_mariner 1
debiancve 8
seebug 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:0658-1)
2021-06-09 00:00:00
Fedora Update for xen FEDORA-2015-08
2015-12-20 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:2306-1)
2021-06-09 00:00:00
suse
suse
Security update for Xen (important)
2016-03-04 22:13:56
Security update for xen (important)
2016-01-14 22:16:01
Security update for xen (important)
2016-01-14 22:19:10
fedora
fedora
[SECURITY] Fedora 22 Update: xen-4.5.2-5.fc22
2015-12-20 00:24:12
[SECURITY] Fedora 23 Update: xen-4.5.2-5.fc23
2015-12-17 07:40:46
[SECURITY] Fedora 22 Update: xen-4.5.2-2.fc22
2015-11-21 16:55:05
nessus
nessus
Fedora 22 : xen-4.5.2-5.fc22 (2015-08e4af5a20)
2016-03-04 00:00:00
SUSE SLES11 Security Update : xen (SUSE-SU-2015:2306-1)
2015-12-21 00:00:00
openSUSE Security Update : xen (openSUSE-2016-34)
2016-01-25 00:00:00
freebsd
freebsd
xen-kernel -- XENMEM_exchange error handling issues
2015-12-08 00:00:00
qemu and xen-tools -- denial of service vulnerabilities in AMD PC-Net II NIC support
2015-11-30 00:00:00
xen-kernel -- CPU lockup during exception delivery
2015-11-10 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:01:52
Denial Of Service (DoS)
2019-01-15 09:09:19
xen
xen
XENMEM_exchange error handling issues
2015-12-08 11:29:00
x86: CPU lockup during exception delivery
2015-11-10 00:01:00
x86: some pmu and profiling hypercalls log without rate limiting
2015-10-29 11:59:00
centos
centos
qemu security update
2015-12-22 17:18:03
kernel, perf, python security update
2015-12-09 19:18:47
kernel, perf, python security update
2015-12-16 00:07:51
oraclelinux
oraclelinux
qemu-kvm security update
2015-12-22 00:00:00
Unbreakable Enterprise kernel security update
2015-12-10 00:00:00
kernel security and bug fix update
2015-12-08 00:00:00
redhat
redhat
(RHSA-2015:2695) Important: qemu-kvm-rhev security update
2015-12-22 15:16:25
(RHSA-2015:2694) Important: qemu-kvm security update
2015-12-22 00:00:00
(RHSA-2015:2696) Important: qemu-kvm-rhev security update
2015-12-22 00:00:00
debian
debian
[SECURITY] [DLA 479-1] xen security update
2016-05-17 23:13:35
[SECURITY] [DSA 3519-1] xen security update
2016-03-17 21:52:03
[SECURITY] [DSA 3454-1] virtualbox security update
2016-01-26 23:24:54
osv
osv
xen - security update
2016-05-17 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2015-11-20 01:08:19
f5
f5
SOL31026324 - Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104
2016-01-13 00:00:00
K31026324 : Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104
2016-01-13 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2015-12-03 00:00:00
Linux kernel vulnerability
2015-11-10 00:00:00
Linux kernel (Vivid HWE) vulnerability
2015-11-10 00:00:00
prion
prion
Design/Logic Flaw
2015-10-30 15:59:00
Design/Logic Flaw
2015-12-17 19:59:00
Design/Logic Flaw
2015-12-17 19:59:00
ibm
ibm
Security Bulletin: Vulnerabilities in Qemu-kvm affect IBM SmartCloud Entry
2020-07-19 00:49:12
cvelist
cvelist
CVE-2015-7971
2015-10-30 15:00:00
CVE-2015-8340
2015-12-17 19:00:00
CVE-2015-8339
2015-12-17 19:00:00
nvd
nvd
CVE-2015-7971
2015-10-30 15:59:07
CVE-2015-7512
2016-01-08 21:59:02
CVE-2015-7504
2017-10-16 20:29:00
cve
cve
CVE-2015-7971
2015-10-30 15:59:07
CVE-2015-8340
2015-12-17 19:59:08
CVE-2015-7512
2016-01-08 21:59:02
ubuntucve
ubuntucve
CVE-2015-8340
2015-12-17 00:00:00
CVE-2015-7504
2015-11-30 00:00:00
CVE-2015-7512
2015-11-30 00:00:00
cbl_mariner
cbl_mariner
CVE-2015-7504 affecting package qemu-kvm 4.2.0-13
2020-11-05 04:21:31
debiancve
debiancve
CVE-2015-8340
2015-12-17 19:59:08
CVE-2015-7512
2016-01-08 21:59:02
CVE-2015-8550
2016-04-14 14:59:04
seebug
seebug
QEMU pcnet_receive 堆缓冲区溢出漏洞(CVE-2015-7504)
2015-12-10 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

0.036 Low

EPSS

Percentile

91.7%

JSON
Related for SUSE_SU-2016-0658-1.NASL
openvas38suse9fedora11nessus62freebsd4veracode2xen4centos3oraclelinux4redhat9debian4osv1mageia1f52ubuntu4prion5ibm1cvelist5nvd7cve7ubuntucve6cbl_mariner1debiancve8seebug1